Comment 8 for bug 1343657

Robert Clark (robert-clark) wrote :

Happy for this to be opened up.

To repeat a comment I've made elsewhere: this should be hardened. The person that writes the config file for a service might not be intended to have root access to the production systems that run the service (think a remote developer/consultant etc.). Changes can be introduced in a number of ways that aren't obvious and don't require direct access, e.g. changes to config management templates.

While I agree that this should be opened up, it should be noted that the modes of access are potentially much more complicated than "You need root access anyway" and this should be hardened at the earliest possible opportunity.

Is it worth considering an OSSN regarding this? "Validate config files where authors are not permitted root access to systems" - or some variation on that theme?